DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Keeper Security | December 08, 2022
Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords, secrets and connections, today announced that the company has obtained StateRAMP Authorization at the Moderate Impact Level for its Keeper Security Government Cloud (KSGC).
The nationwide StateRAMP cybersecurity verification program promotes the adoption of secure cloud services across state and local governments by providing a standardized approach to security and risk assessment for cloud technologies. StateRAMP Authorization differentiates KSGC from its competitors as the best in class zero-trust and zero-knowledge security solution for state and local governments, as well as higher-educational institutions, to protect their passwords, data, and secrets.
StateRAMP Authorization enables these governments and organizations to accelerate the adoption of cloud computing by creating transparent standards and processes for security authorizations. It allows them to leverage Keeper's password management and cybersecurity platform on an institution-wide scale with confidence that the solution meets strict standardized security requirements. KSGC is hosted in AWS GovCloud (US), designed to host sensitive data, regulated workloads, and address the most stringent security and compliance requirements.
Keeper's StateRAMP Authorization comes on the heels of KSGC achieving FedRAMP Authorization at the Moderate Impact Level in August 2022. While StateRAMP Authorization typically takes two years to complete, KSGC's existing FedRAMP Authorization accelerated the certification. To receive FedRAMP Authorization, organizations must implement controls from 17 different control families that originate from National Institute of Standards and Technology Special Publication 800-53. Now, KSGC is the first and only FedRAMP and StateRAMP Authorized password management platform in the industry.
"We are proud to bring Keeper's password management and cybersecurity platform to StateRAMP Authorized status, and thrilled to be the first FedRAMP and StateRAMP Authorized password management platform. "KSGC's StateRAMP Authorization underscores our dedication to the highest standards of internal security controls and encryption. Keeper is eager to help state and local governments and higher-educational institutions protect their digital assets from ransomware, data breaches and other password-related cyberattacks."
Darren Guccione, CEO and Co-Founder of Keeper Security
Keeper provides government agencies with a human-centric cybersecurity solution that promotes adoption of password best practices, like the use of MFA, by employees and contractors. Keeper also promotes secure collaboration with encrypted record sharing that allows system administrators to regulate privileged access to files, as well as masking credentials. Keeper's zero-knowledge system architecture provides the highest levels of security and privacy. Encryption and decryption of data always occurs locally on the user's device, and only the encrypted ciphertext is stored in KSGC.
KSGC's FedRAMP and StateRAMP Authorizations follow a White House Executive Order mandating zero-trust architecture and strong encryption, along with a draft memorandum by the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency mandating all federal agencies adopt a zero-trust security architecture by 2024. The memorandum specifically calls out password security requirements that KSGC facilitates, including strong password policies, the removal of a deprecated requirement to require special characters and regular password rotation, and the ability to compare user passwords against weak and breached data.
About Keeper Security
Keeper Security is transforming the way organizations of all sizes secure their passwords, secrets and confidential information. Keeper's easy-to-use cybersecurity platform is built on a foundation of zero-trust and zero-knowledge security to protect every user on every device, while meeting the most stringent government security and compliance requirements. Keeper is SOC 2 and ISO 27001 certified, FIPS 140-2 validated, FedRAMP and StateRAMP Authorized. Trusted by federal agencies including the Departments of Justice and Energy, Keeper is the leader for best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging.
Read More
ENTERPRISE SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
Telos Corporation | January 09, 2023
SteelCloud LLC, a leading CIS and STIG compliance automation software developer and Telos Corporation, a renowned provider of cyber, enterprise, and cloud security solutions to the world's most security-conscious organizations, recently announced entering into a partnership to assist customers in reducing the complexity of NIST Risk Management Framework (RMF) compliance. Customers gain access to all seven RMF phases via a unified, automated solution.
SteelCloud's ConfigOS capabilities take care of the identify/ categorize, select, and implement components of RMF for technical assets. ConfigOS examines an asset, determining whether Security Technical Implementation Guides (STIG) apply, scanning against the STIG standards, identifying compliance indicators, and automating the remediation of findings. Meanwhile, Xacta incorporates and uses this information during the RMF's assessment and authorization processes, as well as when the monitor step is initiated once authorization to operate (ATO) is obtained.
Working together, ConfigOS and Xacta drive decisions to address identification and selection problems while reporting important indicator metrics required to achieve and sustain ATO. STIG and vulnerability data from ConfigOS are integrated into Xacta and mapped to appropriate requirements as part of Assessment and Authorization (A&A), providing customers with a streamlined approach to gaining necessary permissions. Xacta's workflow automation streamlines the whole NIST RMF workflow, managing validation, analysis, documentation, and accreditation processes from start to end.
About Telos Corporation
Telos Corporation provides solutions for continuous security assurance of personnel, systems, and information to the world's most security-conscious enterprises, empowering and protecting them. The company offers enterprise security solutions for identity and access management, organizational messaging, secure mobility, and network management and defense. Telos Corporation serves commercial organizations, regulated sectors, and government customers all around the world.
About SteelCloud
SteelCloud is a company that creates STIG and CIS compliance software for government and business clients. The company's product reduces the complexity, effort, and cost of implementing federal security standards by automating policy and security repair. SteelCloud has provided enterprise-wide security policy-compliant solutions, easing setup, and ongoing security and compliance support. SteelCloud goods are simple to obtain through our GSA Schedule 70 contract.
Read More
DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY
BlueVoyant | November 14, 2022
BlueVoyant, an industry-leading cyber defense company that combines internal and external cybersecurity, today released the findings of its third annual global survey into supply chain cyber risk management. The study reveals that 98% of firms surveyed have been negatively impacted by a cybersecurity breach that occurred in their supply chain. This is up slightly from 97% of respondents last year. Digital supply chains are made of the external vendors and suppliers who have network access that could be compromised.
"The survey shows that supply chain cybersecurity risk has not decreased and, in fact, more enterprises than ever have reported being negatively impacted by a cybersecurity disturbance in their supply chain," said Adam Bixler, BlueVoyant's global head of supply chain defense. "The good news is that across industries and regions, organizations are making supply chain defense a priority, but these organizations need to better monitor suppliers and work with them to remediate issues to reduce their supply chain risk."
Other key survey findings include:
40% of respondents rely on the third-party vendor or supplier to ensure adequate security.
In 2021, 53% of companies said they audited or reported on supplier security more than twice per year; that number has improved to 67% in 2022. These numbers include enterprises monitoring in real time.
Budgets from supply chain defense are increasing, with 84% of respondents saying their budget has increased in the past 12 months.
The top pain points reported are internal understanding across the enterprise that suppliers are part of their cybersecurity posture, meeting regulatory requirements, and working with suppliers to improve their security.
"While supply chain defense is a challenge, there are solutions for enterprises to better defend against this risk," said James Rosenthal, BlueVoyant's CEO and co-founder. "Enterprises should continuously monitor their supply chain to be able to quickly remediate threats. As companies are being negatively impacted by supply chain disturbances, they must prioritize this risk with the appropriate budget."
The study was conducted by independent research organization, Opinion Matters, and recorded the views and experiences of 2,100 chief technology officers (CTOs), chief security officers (CSOs), chief operating officers (COOs), chief information officers (CIOs), chief info security officers (CISOs), and chief procurement officers (CPOs) responsible for supply chain and cyber risk management in organizations with more than 1,000 employees across a range of industries. These include: business services, financial services, healthcare and pharmaceutical, manufacturing, utilities and energy, and defense. It covered 11 countries: U.S., Canada, Germany, Austria, Switzerland, France, the Netherlands, the United Kingdom, Australia, the Philippines, and Singapore.
The 2021 research was also conducted by Opinion Matters and recorded the views and experiences of 1,200 CTOs/CSOs/COOs/CIOs/CISOs/CPOs in similar enterprises and the same industries. It covered six countries: U.S., Canada, Germany, the Netherlands, the U.K., and Singapore.
Analysis of the responses from different commercial sectors revealed considerable variations in their experiences of supply chain risk:
While healthcare and pharmaceutical was the third-highest vertical in terms of experiencing greater board scrutiny for supply chain risk at 42%, the sector also indicates the lowest likelihood to increase budget for external resources to bolster supply chain cybersecurity, by a margin of 7% below the next closest vertical. This sector is also the least likely of any vertical (34%) to have no way of knowing if an issue arises with a third party's environment.
The energy sector was most likely to report negative impact from at least one supply chain breach in the last year (99%) but 49% are monitoring supply chain cyber risk regularly or in real time, and 44% are updating senior leadership monthly or more frequently. In addition, energy companies say they are increasing their budget for supply chain cyber risk by an average of 60%.
In manufacturing, 64% of respondents say that supply chain cyber risk is on their radar and 44% say they have established an integrated enterprise risk management program.
About BlueVoyant
BlueVoyant combines internal and external cyber defense capabilities into an outcomes-based platform called BlueVoyant Elements™. Elements is cloud-native and continuously monitors your network, endpoints, attack surface, and supply chain plus the clear, deep, and dark web for vulnerabilities, risks, and threats; and takes action to protect your business, leveraging both machine learning-driven automation and human-led expertise. Elements can be deployed as independent solutions or together as a full-spectrum cyber defense platform. BlueVoyant's approach to cyber defense revolves around three key pillars — technology, telemetry, and talent — that deliver industry-leading cybersecurity to more than 700 clients across the globe.
Read More